Introducing CFSSL 1.2
Continuing our commitment to high quality open-source software, we’re happy to announce release 1.2 of CFSSL, our TLS/PKI Swiss Army knife. We haven’t written much about CFSSL here since we originally open sourced the project in 2014, so we thought we’d provide an update. In the last 20 months, we have added a ton of great features, and CFSSL has attracted an active community of users and contributors. Users range from large SaaS providers (Heroku) to game companies (Riot Games) and the newest Certificate Authority (Let’s Encrypt). For them and for CloudFlare, CFSSL has become a core tool for automating certificates and TLS configurations. With added support for configuration scanning, automated provisioning via the transport package, revocation, certificate transparency and PKCS#11, CFSSL is now even more powerful.
We’re also happy to announce CFSSL’s new home: cfssl.org. From there you can try out CFSSL’s user interface, download binaries, and test some of its features.
Motivation
This 2013 National Security Agency (NSA) slide describing how data from Google’s internal network was collected by intelligence agencies was eye-opening—and shocking—to many technology companies. The idea that an attacker could read messages passed between services wasn’t technically groundbreaking, but it Continue reading
Network Configuration And The Broken Windows Theory
Taking shortcuts with changes can snowball into configuration chaos.
Do You Really Want to Write that Book?
It’s amazing how interesting questions come in batches: within 24 hours two friends asked me what I think about writing books. Here’s a summary of my replies (as always, full of opinions and heavily biased), and if you’re a fellow book author with strong opinions, please leave them in the comments.
Read more ...How Cloud Must Change To Meet Customer Requirements
Customers need flexible cloud platforms without the risk of vendor lock in.
Perceptions of NFV Hype and Reality
“There are things known and there are things unknown, and in between are the doors of perception," wrote Aldous Huxley. That could be a description of the evolving tension between the perceptions of hype and reality of the NFV market as it enters its important phase of commercialization.
Datanauts 029: The Evil Behind Long-Distance vMotion & Stretched L2 Domains
The Datanauts explore the network and application issues that make moving VMs from one data center to another dangerous, and share ways to enable it safely.
The post Datanauts 029: The Evil Behind Long-Distance vMotion & Stretched L2 Domains appeared first on Packet Pushers.
Datanauts 029: The Evil Behind Long-Distance vMotion & Stretched L2 Domains
The Datanauts explore the network and application issues that make moving VMs from one data center to another dangerous, and share ways to enable it safely.
The post Datanauts 029: The Evil Behind Long-Distance vMotion & Stretched L2 Domains appeared first on Packet Pushers.
Worth Reading: The end of Moore’s Law?
The post Worth Reading: The end of Moore’s Law? appeared first on 'net work.
HyTrust Intel Compliant SDDC Webinar Q&A: Five Key Questions For a Secure & Compliant SDDC
Your questions from the HyTrust Intel webinar on a secure & compliant SDDC are answered here in this Q&A post. Take a peek!
Creating a Dynamic Lab Environment with vEOS and GNS3 – Part II
SETTING UP A DHCP AND FILE SERVER FOR USE WITH ZTP
Now that we have a couple vEOS instances configured and able to communicate, and we have our out-of-band network set up, we can now begin to use ZTP to provide an initial startup config.
NOTE Notice that we did not connect the Management1 interface of either vEOS instance to anything inside of GNS3. If you remember when we created the VMs, their first interface is a host-only adapter connected to the vboxnet in VirtualBox, so it’s automatically connected and there’s nothing additional we need to do there, but GNS3 doesn’t know that so it considers the interface disconnected, and that’s OK. That saves us from having to add our management server(s) to the topology and cluttering it up (Just imagine trying to have a nice clean-looking topology in GNS3 if you had to have a connection from every vEOS instance to the management server(s) ), which is distracting and ugly - we’re better than that. |
ZTP is enabled as a default on the vEOS instances, but we still need to set up a server to provide DHCP and File services. For servers, Ubuntu is my go-to and I usually Continue reading
Creating a Dynamic Lab Environment with vEOS and GNS3 – Part I
GETTING STARTED
Preliminary Installation Setup
Install GNS3
Install VirtualBox
Get ahold of the .vmdk and aboot.iso files
It is recommended to install VirtualBox AFTER you install GNS3 to avoid problems with GNS3 detecting VirtualBox.
Go to www.arista.com, and go to Support > Software Download. The two files you’ll want are the .vmdk file as well as the Aboot .iso file:
Creating the Management Network
To simulate an out-of-band management network, we will create a vboxnet interface, similar to a loopback interface, on our laptop. This will also allow us to interact with our virtual machines via SSH, etc.
Open VirtualBox, go to Preferences, and click Network. Select “Host-only Networks”, and then click the NIC adapter image with a plus symbol on it to add a new host-only network if there isn’t one already:
Select your newly-created vboxnet and click the screwdriver icon to configure it:
We’re going to be using ZTP to provision our switches, so select “DHCP Server”, ensure “Enable Server” is unchecked, and then click OK:
Verify you have a new interface reflecting your vboxnet configuration:
SETTING UP vEOS
Creating a Base Image
You’ll want a nice, clean base image to create clones Continue reading